===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/55.html,v
retrieving revision 1.66
retrieving revision 1.67
diff -c -r1.66 -r1.67
*** www/55.html 2014/05/01 14:52:34 1.66
--- www/55.html 2014/05/02 18:58:56 1.67
***************
*** 1,1141 ****
!
!
!
! OpenBSD 5.5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
OpenBSD 5.5
!
! Released May 1, 2014
! Copyright 1997-2014, Theo de Raadt.
! ISBN 978-0-9881561-3-5
!
! 5.5 Song: "Wrap in Time"
!
!
!
! - Order a CDROM from our ordering system.
!
- See the information on the FTP page for
! a list of mirror machines.
!
- Go to the pub/OpenBSD/5.5/ directory on
! one of the mirror sites.
!
- Briefly read the rest of this document.
!
- Have a look at the 5.5 errata page for a list
! of bugs and workarounds.
!
- See a detailed log of changes between the
! 5.4 and 5.5 releases.
!
!
- 5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
!
- 5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
!
- 5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5
!
!
! All applicable copyrights and credits can be found in the applicable
! file sources found in the files src.tar.gz, sys.tar.gz,
! xenocara.tar.gz, or in the files fetched via ports.tar.gz. The
! distribution files used to build packages from the ports.tar.gz file
! are not included on the CDROM because of lack of space.
!
!
!
!
!
!
What's New
!
! This is a partial list of new features and systems included in OpenBSD 5.5.
! For a comprehensive list, see the changelog leading
! to 5.5.
!
!
!
! - time_t is now 64 bits on all platforms.
!
! - From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC.
!
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t.
!
- Userland programs that were changed include
! arp(8),
! bgpd(8),
! calendar(8),
! cron(8),
! find(1),
! fsck_ffs(8),
! ifconfig(8),
! ksh(1),
! ld(1),
! ld.so(1),
! netstat(1),
! pfctl(8),
! ping(8),
! rtadvd(8),
! ssh(1),
! tar(1),
! tmux(1),
! top(1),
! and many others, including games!
!
- Removed time_t from network, on-disk, and database formats.
!
- Removed as many (time_t) casts as possible.
!
- Format strings were converted to use %lld and (long long) casts.
!
- Uses of timeval were converted to timespec where possible.
!
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106.
!
- Numerous ports throughout the ports tree received time_t fixes.
!
!
!
!
- Releases and packages are now cryptographically signed with the
! signify(1) utility.
!
! - The installer will verify all sets before installing.
!
- Installing without verification works, but is discouraged.
!
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.)
! ahead of time using the
! signify(1) tool if available.
!
- pkg_add(1) now only trusts signed packages by default.
!
!
!
!
- Installer improvements:
!
! - The installer now supports a scriptable
! auto-installation
! method that enables unattended installation and upgrades using a response file.
!
- Disk images which can be written to a USB flash drive
! (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets])
! are now provided for amd64 and i386.
!
- Rewritten
! installboot(8)
! utility aiming for a unified implementation across platforms (currently
! used by amd64 and i386 only).
!
- The installer now parses nwids with embedded blanks correctly.
!
!
!
!
- New/extended platforms:
!
!
!
!
- Improved hardware support, including:
!
! - New vmx(4)
! driver for VMware VMXNET3 Virtual Interface Controller devices.
!
- New vmwpvs(4)
! driver for VMware Paravirtual SCSI.
!
- New vioscsi(4)
! driver for VirtIO SCSI adapters.
!
- New viornd(4)
! driver for VirtIO random number devices.
!
- New ubcmtp(4)
! driver for Broadcom multi-touch trackpads found on newer Apple MacBook,
! MacBook Pro, and MacBook Air laptops.
!
- New ugold(4)
! driver for TEMPer gold HID thermometers.
!
- New ugl(4)
! driver for Genesys Logic based USB host-to-host adapters.
!
- New qla(4) driver for Qlogic fibre channel HBAs.
!
- radeondrm(4)
! has been overhauled, including:
!
! - New port of the Radeon code in Linux 3.8.13.19.
!
- Support for Kernel Mode Setting (KMS) including support for
! additional output types such as DisplayPort.
!
- wsdisplay(4)
! now attaches to
! radeondrm(4)
! and provides a framebuffer console.
!
! - inteldrm(4)
! has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes.
!
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and
! i210/i211/i354 has been added to
! em(4).
!
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to
! iwn(4).
!
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to
! arc(4).
!
- Support for Elantech v2 touchpads in pms(4) has been fixed.
!
- Support for 802.11a (5Ghz) has been added to wpi(4).
!
- Workarounds for firmware stability issues have been added to
! wpi(4),
! iwi(4), and
! iwn(4).
!
- Support for RT3572 chips has been added to the
! ral(4) driver.
!
- Support for RTL8106E chips has been added to the
! re(4) driver.
!
- Support for RTS5229 card readers has been added to rtsx(4).
!
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver.
!
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver.
!
- Further reliability improvements regarding suspend/resume and hibernation.
!
- Enabled IPv6 transmit TCP/UDP checksum offload in
! jme(4).
!
!
!
!
- Generic network stack improvements:
!
! - Added vxlan(4),
! a virtual extensible local area network tunnel interface.
!
- pflow(4)
! now sends 64 bit time values for pflowproto 10. The changed templates /
! flows for pflowproto 10 are now parsable by existing receivers.
!
- Continued improvement of the checksum offload framework to streamline
! the calculation of TCP, UDP, ICMP, and ICMPv6 checksums.
!
- Enabled IPv6 routing domain support.
!
!
!
!
- Routing daemons and other userland network improvements:
!
! - The popa3d POP3 server has been removed.
!
- Added ntpctl(8),
! a program to control the Network Time Protocol daemon.
!
- slowcgi(8)
! now works with a high number of concurrent connections.
!
- The inetd-based identd has been replaced by a new libevent-based
! identd(8).
!
- tcpdump(8)
! can now detect bad ICMP and ICMPv6 checksums when used with the -v flag.
!
- Added rdomain support to IPv6 configuration tools
! ndp(8),
! rtsold(8),
! ping6(8), and
! traceroute6(8).
!
- Added SNMPv2 client support to
! snmpctl(8)
! ("get", "walk", and "bulkwalk").
!
- relayd(8)
! now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default.
!
!
!
!
- pf(4) improvements:
!
! - New queueing system with new syntax.
!
- The "received-on" parameter can now be used with the "any" keyword to
! match any existing interface except loopback ones.
!
- The block policy in the default pf.conf(5) is now "block return".
!
!
!
!
- dhcpd(8) and dhclient(8) improvements:
!
! - No longer create a route to the bound address via 127.0.0.1.
!
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5).
!
- 'next-server' (a.k.a. siaddr) info now saved in lease files.
!
- Fall back to broadcasting when unicast renewal fails, as specified in
! RFC 2131 and friends.
!
- Fix various problems in communications between privileged and non-privileged processes.
!
- Fix many abuses of memcpy.
!
- Stop pretending we still support FDDI or token ring hardware types.
!
- Fix classless static routes option handling and add syntax to parse human-readable forms.
!
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields.
!
- Fix handling of non-printable characters in lease file strings.
!
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line.
!
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'.
!
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and
! 'next-server'.
!
- Log failures to fchmod() or fchown() files being written.
!
- Create lease files with permissions 0640.
!
- Fix possible failure to write resolv.conf(5) when -L is used.
!
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent.
!
!
!
!
- iked(8) improvements:
!
! - Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL".
!
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys.
!
- Support for DPD ("Dead Peer Detection") similar to the implementation in
! isakmpd(8).
!
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix".
!
- Initial support for IPComp.
!
- Various improvements and a thorough audit of the network input path.
!
!
!
!
- OpenSMTPD 5.4.2 (includes changes to 5.4.1):
!
! - Introduce initial support for DSN extension:
!
! - NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER
!
- RET=HDRS, RET=FULL
!
! - Introduce initial support for ENHANCEDSTATUSCODES extension:
!
! - smtp process returns Enhanced Status Codes for most commands.
!
- other processes now have an API to return more precise codes ...
!
- ... which will be improved further with each version.
!
! - Improved smtpctl(8):
!
! - sendmail mode now supports DSN parameters
!
- Can now pause/resume a source address -> destination domain route.
!
- Can now display status of processes with smtpctl show status.
!
- show relays: displays list of currently active relays.
!
- show routes: displays status of routes currently known by smtpd.
!
- show hosts: displays list of known remote MX.
!
- show hoststats: display status of last delivery for active domains.
!
- resume route: resumes route temporarily disable by the MTA.
!
- pause/resume envelope: allows pausing individual envelopes.
!
- pause/resume message: allows pausing individual messages.
!
- encrypt: allows generating credentials suitable for authentication.
!
- show message/envelope is now compression/encryption aware.
!
! - Introduced SNI support.
!
- Improved configuration file:
!
! - Removed last known ambiguity in grammar.
!
- Much simpler configuration for TLS-enabled hosts.
!
- Most parameters are now swappable in listen and accept rules.
!
- Conditions may be negated (ie: accept from ! <trusted> ...)
!
- Forward-only rules can be declared to impose ~/.forward files.
!
- New "recipient" keyword allows accept rule to provide a whitelist.
!
- Sender and recipient tables accept wildcard in their domains.
!
! - TLS generic improvements:
!
! - Support for TLS Perfect Forward Secrecy.
!
- Support for providing custom CA certificates.
!
! - MTA improvements:
!
! - mta may now require remote hosts to present valid certificates.
!
- Always attempt TLS before falling back to plaintext.
!
- Always present certificate if one is available.
!
- AUTH LOGIN now supported.
!
- MTA can now specify a EHLO-hostname when relaying.
!
! - SMTP server improvements:
!
! - IPv4-only and IPv6-only listeners are now possible.
!
- Listeners may now hide the From part in a Received-line.
!
- Listeners may require clients to provide a valid certificate.
!
- Banner hostname can now be dynamically fetched from a table.
!
! - Queue improvements:
!
! - Introduce an envelope cache in the queue to improve disk-IO pattern.
!
! - Documentation:
!
! - table(5) describes format for static, file and db backends.
!
- sendmail(8) describes our "sendmail" interface.
!
! - Reduced memory usage in both general and stressed cases.
!
- OpenSMTPD now automagically upgrades queue if the format changes!
!
- Support Qmail-like "sticky home".
!
- Support for authenticating users from a credentials table.
!
- Introduce passwd(5) table backend for user and credentials lookup.
!
- Expansion variables in ~/.forward now support modifiers.
!
- Much more efficient scheduler!
!
- Many documentation fixes and improvements.
!
- And a lot of minor bug fixes and internal cleanup!
!
!
!
!
- Security improvements:
!
! - Position-independent executables (PIE) are now used by default on i386.
!
- The arc4random(3)
! functions now use the ChaCha20 cipher.
!
- The kernel random number system is initially seeded by the bootloader,
! providing better random very early.
!
- Kernel stack protector is also seeded via the same mechanism, providing
! protection earlier.
!
- -Wbounded is now enabled in GCC by default.
!
- Added explicit_bzero(3).
!
!
!
!
- Performance improvements:
!
! - Relations between the buffer cache and swap daemon have been improved.
!
!
!
!
- Threading improvements:
!
! - Interprocess semaphores via sem_open(3).
!
- Running threaded processes under a debugger no longer causes panics.
!
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered.
!
- Thread stacks now have a random bias.
!
- fork(2) no longer changes the pthread_t of the forking thread in the child.
!
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3).
!
!
!
!
- Assorted improvements:
!
! - New in-memory file system, tmpfs.
!
- Many fuse(4) improvements and stability fixes.
!
- Added POSIX-required nl(1) utility.
!
- OpenBSD/vax has switched to GCC 3.
!
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3).
!
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency.
!
- Added support for CLOCK_UPTIME.
!
- Added tcgetsid(3).
!
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days.
!
- ino_t is now a 64 bit type, mostly to support large NFS filesystems.
!
- Corrected handling of UTIME_OMIT.
!
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested.
!
- Corrected handling of shared library destructors when libc is statically linked.
!
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits.
!
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits.
!
- All CIRCLEQ uses replaced with TAILQ.
!
- Preserve and honour changes to the OpenBSD bounds in a disklabel.
!
- fdisk(8) now always writes a good signature when the MBR is written to disk.
!
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices.
!
- Fix athn(4) tick calculations to eliminate excessive timeouts.
!
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED.
!
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files.
!
- sha256(1) and related tools
! (cksum(1),
! md5(1),
! sha1(1), and
! sha512(1))
! now support a new -h flag to place the checksum into a specified hash file instead of stdout.
!
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist.
!
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist.
!
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes.
!
- Allow softraid(4) to work with partitions larger than 2TB.
!
- Removed experimental RAID 4 support from softraid(4).
!
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5.
!
- The uhts(4) driver has been merged into
! ums(4).
!
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years.
!
!
!
!
- OpenSSH 6.6 (including changes to 6.5, a feature-focused release):
!
! - Security:
!
! - sshd(8):
! when using environment passing with a
! sshd_config(5)
! AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
! be tricked into accepting any enviornment variable that contains the
! characters before the wildcard character.
!
! - New/changed features:
!
! - ssh(1),
! sshd(8):
! Add support for key exchange using elliptic-curve Diffie Hellman
! in Daniel Bernstein's Curve25519. This key exchange method is
! the default when both the client and server support it.
!
- ssh(1),
! sshd(8):
! Add support for ED25519 as a public key type. ED25519 is
! a elliptic curve signature scheme that offers better security than
! ECDSA and DSA and good performance. It may be used for
! both user and host keys.
!
- Add a new private key format that uses a bcrypt KDF to better
! protect keys at rest. This format is used unconditionally for
! ED25519 keys, but may be requested when generating or saving
! existing keys of other types via the -o
! ssh-keygen(1)
! option. We intend to make the new format the default in the near
! future. Details of the new format are in the PROTOCOL.key
! file.
!
- ssh(1),
! sshd(8):
! Add a new transport cipher "chacha20-poly1305@openssh.com" that
! combines Daniel Bernstein's ChaCha20 stream cipher and
! Poly1305 MAC to build an authenticated encryption mode. Details
! are in the PROTOCOL.chacha20poly1305 file.
!
- ssh(1),
! sshd(8):
! Refuse RSA keys from old proprietary clients and servers that
! use the obsolete RSA+MD5 signature scheme. It will still be
! possible to connect with these clients/servers but only DSA keys
! will be accepted, and OpenSSH will refuse connection entirely in a
! future release.
!
- ssh(1),
! sshd(8):
! Refuse old proprietary clients and servers that use a weaker key
! exchange hash calculation.
!
- ssh(1):
! Increase the size of the Diffie-Hellman groups requested for
! each symmetric key size. New values from NIST Special Publication
! 800-57 with the upper limit specified by RFC 4419.
!
- ssh(1),
! ssh-agent(1):
! Support PKCS#11 tokens that only provide X.509 certs
! instead of raw public keys. (requested as bz#1908)
!
- ssh(1):
! Add a
! ssh_config(5)
! Match keyword that allows conditional configuration to be
! applied by matching on hostname, user and result of
! arbitrary commands.
!
- ssh(1):
! Add support for client-side hostname canonicalisation using a
! set of DNS suffixes and rules in
! ssh_config(5).
! This allows unqualified names to be canonicalised to fully-qualified
! domain names to eliminate ambiguity when looking up keys in
! known_hosts or checking host certificate names.
!
- sftp-server(8):
! Add the ability to whitelist and/or blacklist sftp protocol requests by
! name.
!
- sftp-server(8):
! Add a sftp "fsync@openssh.com" to support calling
! fsync(2)
! on an open file handle.
!
- sshd(8):
! Add a
! ssh_config(5)
! PermitTTY to disallow TTY allocation, mirroring the
! longstanding no-pty authorized_keys option.
!
- ssh(1):
! Add a
! ssh_config(5)
! ProxyUseFDPass option that supports the use of
! ProxyCommands that establish a connection and then pass a
! connected file descriptor back to
! ssh(1).
! This allows the ProxyCommand to exit rather than staying
! around to transfer data.
!
- ssh(1),
! sshd(8):
! this release removes the J-PAKE authentication code. This code
! was experimental, never enabled and had been unmaintained for some
! time.
!
- ssh(1):
! when processing Match blocks, skip 'exec' clauses
! other clauses predicates failed to match.
!
- ssh(1):
! if hostname canonicalisation is enabled and results in the destination
! hostname being changed, then re-parse
! ssh_config(5)
! files using the new destination hostname. This gives 'Host'
! and 'Match' directives that use the expanded hostname a chance
! to be applied.
!
! - The following significant bugs have been fixed in this release:
!
! - ssh(1),
! sshd(8):
! Fix potential stack exhaustion caused by nested certificates.
!
- ssh(1):
! make BindAddress work with UsePrivilegedPort.
! (bz#1211)
!
- sftp(1):
! fix the progress meter for resumed transfer. (bz#2137)
!
- ssh-add(1):
! do not request smartcard PIN when removing keys from
! ssh-agent(1).
! (bz#2187)
!
- sshd(8):
! fix re-exec fallback when original
! sshd(8)
! binary cannot be executed. (bz#2139)
!
- ssh-keygen(1):
! Make relative-specified certificate expiry times relative to current
! time and not the validity start time.
!
- sshd(8):
! fix AuthorizedKeysCommand inside a Match block.
! (bz#2161)
!
- sftp(1):
! symlinking a file would incorrectly canonicalise the target path.
! (bz#2129)
!
- ssh-agent(1):
! fix a use-after-free in the PKCS#11 agent helper executable.
! (bz#2175)
!
- sshd(8):
! Improve logging of sessions to include the user name, remote
! host and port, the session type (shell, command,
! etc.) and allocated TTY (if any).
!
- sshd(8):
! tell the client (via a debug message) when their preferred listen
! address has been overridden by the server's GatewayPorts
! setting. (bz#1297)
!
- sshd(8):
! include report port in bad protocol banner message. (bz#2162)
!
- sftp(1):
! fix memory leak in error path in do_readdir(). (bz#2163)
!
- sftp(1):
! don't leak file descriptor on error. (bz#2171)
!
- sshd(8):
! include the local address and port in "Connection
! from ..." message. (only shown at loglevel>=verbose)
!
- ssh(1):
! avoid spurious "getsockname failed: Bad file descriptor" in
! ssh -W. (bz#2200, debian#738692)
!
- sshd(8):
! allow the
! shutdown(2)
! syscall in seccomp-bpf and systrace sandbox modes, as it is reachable
! if the connection is terminated during the pre-auth phase.
!
- ssh(1),
! sshd(8):
! fix unsigned overflow that in SSH protocol 1 bignum parsing.
! Minimum key length checks render this bug unexploitable to compromise
! SSH 1 sessions.
!
- sshd_config(5)
! clarify behaviour of a keyword that appears in multiple matching
! Match blocks. (bz#2184)
!
- ssh(1):
! avoid unnecessary hostname lookups when canonicalisation is disabled.
! (bz#2205)
!
- sshd(8):
! avoid sandbox violation crashes in GSSAPI code by caching the supported
! list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107)
!
- ssh(1):
! fix possible crashes in SOCKS4 parsing caused by assumption that the
! SOCKS username is nul-terminated.
!
- ssh(1):
! fix regression for UsePrivilegedPort=yes when
! BindAddress is not specified.
!
- ssh(1),
! sshd(8):
! fix memory leak in ECDSA signature verification.
!
- ssh(1):
! fix matching of 'Host' directives in
! ssh_config(5)
! files to be case-insensitive again. (regression in 6.5)
!
!
!
!
!
- Ports and packages:
!
! - Over 8,700 ports.
!
- Major overhaul of the package tools, resulting in much better memory usage.
!
- pkg_add(1) now only trusts signed packages by default.
!
- The build process now allows some limited capability for building
! conflicting packages, yielding KDE 4 packages as a result, along
! with KDE 3 ones.
!
!
!
- Many pre-built packages for each architecture:
!
!
!
!
! - i386: 8468
!
- sparc64: 7969
!
- alpha: 6199
!
- m68k: 3270
!
|
! - sh: 345
!
- amd64: 8534
!
- powerpc: 8057
!
- m88k: 1258
!
|
! - sparc: 4681
!
- arm: 6181
!
- hppa: 6549
!
|
! - vax: 1007
!
- mips64: 4726
!
- mips64el: 6730
!
|
!
!
!
- Some highlights:
!
! - GNOME 3.10.2
- KDE 3.5.10
!
- KDE 4.11.5
!
- Xfce 4.10
- MySQL 5.1.73
!
- PostgreSQL 9.3.2
- Postfix 2.11.0
!
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0
!
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3
!
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3
!
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24
!
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0
!
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21
!
- Mono 2.10.9
- Chromium 32.0.1700.102
!
- Groff 1.22.2
- Go 1.2
!
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3
!
- Node.js 0.10.24
!
!
!
!
- As usual, steady improvements in manual pages and other documentation.
!
!
!
- The system includes the following major components from outside suppliers:
!
! - Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches,
! freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301,
! xkeyboard-config 2.10.1 and more)
!
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches)
!
- Perl 5.16.3 (+ patches)
!
- Our improved and secured version of Apache 1.3, with
! SSL/TLS and DSO support
!
- Nginx 1.4.4 (+ patches)
!
- OpenSSL 1.0.1c (+ patches)
!
- SQLite 3.8.0.2 (+ patches)
!
- Sendmail 8.14.8, with libmilter
!
- Bind 9.4.2-P2 (+ patches)
!
- NSD 4.0.1
!
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches)
!
- Sudo 1.7.2p8
!
- Ncurses 5.7
!
- Heimdal 1.5.2 (+ patches)
!
- Binutils 2.15 (+ patches)
!
- Gdb 6.3 (+ patches)
!
- Less 444 (+ patches)
!
- Awk Aug 10, 2011 version
!
!
!
!
!
!
!
!
How to install
!
! Following this are the instructions which you would have on a piece of
! paper if you had purchased a CDROM set instead of doing an alternate
! form of install. The instructions for doing an FTP (or other style
! of) install are very similar; the CDROM instructions are left intact
! so that you can see how much easier it would have been if you had
! purchased a CDROM instead.
!
!
!
! Please refer to the following files on the three CDROMs or FTP mirror for
! extensive details on how to install OpenBSD 5.5 on your machine:
!
!
!
!
!
! Quick installer information for people familiar with OpenBSD, and the
! use of the "disklabel -E" command. If you are at all confused when
! installing OpenBSD, read the relevant INSTALL.* file as listed above!
!
!
!
OpenBSD/i386:
!
! Play with your BIOS options to enable booting from a CD. The OpenBSD/i386
! release is on CD1. If your BIOS does not support booting from CD, you will need
! to create a boot floppy to install from. To create a boot floppy write
! CD1:5.5/i386/floppy55.fs to a floppy and boot via the floppy drive.
!
!
! Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller
! support, or CD1:5.5/i386/floppyC55.fs for better laptop support.
!
!
! If you can't boot from a CD or a floppy disk,
! you can install across the network using PXE as described in
! the included INSTALL.i386 document.
!
!
! If you are planning on dual booting OpenBSD with another OS, you will need to
! read INSTALL.i386.
!
!
! To make a boot floppy under MS-DOS, use the "rawrite" utility located
! at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS,
! use the
! dd(1)
! utility. The following is an example usage of
! dd(1),
! where the device could be "floppy", "rfd0c", or
! "rfd0a".
!
!
! # dd if=<file> of=/dev/<device> bs=32k
!
!
!
! Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or
! your install will most likely fail. For more information on creating a boot
! floppy and installing OpenBSD/i386 please refer to
! FAQ 4.3.2.
!
!
!
!
OpenBSD/amd64:
!
! The 5.5 release of OpenBSD/amd64 is located on CD2.
! Boot from the CD to begin the install - you may need to adjust
! your BIOS options first.
! If you can't boot from the CD, you can create a boot floppy to install from.
! To do this, write CD2:5.5/amd64/floppy55.fs to a floppy, then
! boot from the floppy drive.
!
!
! If you can't boot from a CD or a floppy disk,
! you can install across the network using PXE as described in the included
! INSTALL.amd64 document.
!
!
! If you are planning to dual boot OpenBSD with another OS, you will need to
! read INSTALL.amd64.
!
!
!
!
OpenBSD/macppc:
!
! Burn the image from the FTP site to a CDROM, and power on your machine
! while holding down the C key until the display turns on and
! shows OpenBSD/macppc boot.
!
!
! Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot
! /5.5/macppc/bsd.rd
!
!
!
!
OpenBSD/sparc64:
!
! Put CD3 in your CDROM drive and type boot cdrom.
!
!
! If this doesn't work, or if you don't have a CDROM drive, you can write
! CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs
! (depending on your machine) to a floppy and boot it with boot
! floppy. Refer to INSTALL.sparc64 for details.
!
!
! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! will most likely fail.
!
!
! You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on
! the disk and boot with boot disk:b.
!
!
! If nothing works, you can boot over the network as described in INSTALL.sparc64.
!
!
!
!
OpenBSD/alpha:
!
! Write FTP:5.5/alpha/floppy55.fs or
! FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and
! enter boot dva0. Refer to INSTALL.alpha for more details.
!
!
! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! will most likely fail.
!
!
!
!
!
OpenBSD/armish:
!
!
! After connecting a serial port, Thecus can boot directly from the network
! either tftp or http. Configure the network using fconfig, reset,
! then load bsd.rd, see INSTALL.armish for specific details.
! IOData HDL-G can only boot from an EXT-2 partition. Boot into linux
! and copy 'boot' and bsd.rd into the first partition on wd0 (hda1)
! then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition.
! More details are available in INSTALL.armish.
!
!
!
!
OpenBSD/hp300:
!
!
!
!
OpenBSD/hppa:
!
!
! Boot over the network by following the instructions in INSTALL.hppa or the
! hppa platform page.
!
!
!
!
OpenBSD/landisk:
!
!
! Write miniroot55.fs to the start of the CF
! or disk, and boot normally.
!
!
!
!
OpenBSD/loongson:
!
!
! Write miniroot55.fs to a USB stick and boot bsd.rd from it
! or boot bsd.rd via tftp.
! Refer to the instructions in INSTALL.loongson for more details.
!
!
!
!
!
OpenBSD/luna88k:
!
!
! Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader
! from the PROM, and the bsd.rd from the bootloader.
! Refer to the instructions in INSTALL.luna88k for more details.
!
!
!
!
OpenBSD/mvme68k:
!
!
! You can create a bootable installation tape or boot over the network.
! The network boot requires a MVME68K BUG version that supports the NIOT
! and NBO debugger commands. Follow the instructions in INSTALL.mvme68k
! for more details.
!
!
!
!
OpenBSD/mvme88k:
!
!
! You can create a bootable installation tape or boot over the network.
! The network boot requires a MVME88K BUG version that supports the NIOT
! and NBO debugger commands. Follow the instructions in INSTALL.mvme88k
! for more details.
!
!
!
!
OpenBSD/octeon:
!
!
! After connecting a serial port, boot bsd.rd over the network via DHCP/tftp.
! Refer to the instructions in INSTALL.octeon for more details.
!
!
!
!
OpenBSD/sgi:
!
!
! To install, burn cd55.iso on a CD-R, put it in the CD drive of your
! machine and select Install System Software from the System Maintenance
! menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from
! CD-ROM, and need a proper invocation from the PROM prompt.
! Refer to the instructions in INSTALL.sgi for more details.
!
!
! If your machine doesn't have a CD drive, you can setup a DHCP/tftp network
! server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your
! system type. Refer to the instructions in INSTALL.sgi for more details.
!
!
!
!
OpenBSD/socppc:
!
!
! After connecting a serial port, boot over the network via DHCP/tftp.
! Refer to the instructions in INSTALL.socppc for more details.
!
!
!
!
OpenBSD/sparc:
!
! Boot from one of the provided install ISO images, using one of the two
! commands listed below, depending on the version of your ROM.
!
!
! ok boot cdrom 5.5/sparc/bsd.rd
! or
! > b sd(0,6,0)5.5/sparc/bsd.rd
!
!
!
! If your SPARC system does not have a CD drive, you can alternatively boot from floppy.
! To do so you need to write floppy55.fs to a floppy.
! For more information see FAQ 4.3.2.
! To boot from the floppy use one of the two commands listed below,
! depending on the version of your ROM.
!
!
! ok boot floppy
! or
! > b fd()
!
!
!
! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install
! will most likely fail.
!
!
! If your SPARC system doesn't have a floppy drive nor a CD drive, you can either
! setup a bootable tape, or install via network, as told in the
! INSTALL.sparc file.
!
!
!
!
OpenBSD/vax:
!
! Boot over the network via mopbooting as described in INSTALL.vax.
!
!
!
!
OpenBSD/zaurus:
!
!
! Using the Linux built-in graphical ipkg installer, install the
! openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus
! for a few important details.
!
!
!
!
Notes about the source code:
!
! src.tar.gz contains a source archive starting at /usr/src. This file
! contains everything you need except for the kernel sources, which are
! in a separate archive. To extract:
!
!
! # mkdir -p /usr/src
! # cd /usr/src
! # tar xvfz /tmp/src.tar.gz
!
!
! sys.tar.gz contains a source archive starting at /usr/src/sys.
! This file contains all the kernel sources you need to rebuild kernels.
! To extract:
!
!
! # mkdir -p /usr/src/sys
! # cd /usr/src
! # tar xvfz /tmp/sys.tar.gz
!
!
! Both of these trees are a regular CVS checkout. Using these trees it
! is possible to get a head-start on using the anoncvs servers as
! described here.
! Using these files
! results in a much faster initial CVS update than you could expect from
! a fresh checkout of the full OpenBSD source tree.
!
!
!
!
!
!
!
How to upgrade
!
! If you already have an OpenBSD 5.4 system, and do not want to reinstall,
! upgrade instructions and advice can be found in the
! Upgrade Guide.
!
!
!
!
!
Ports Tree
!
! A ports tree archive is also provided. To extract:
!
!
! # cd /usr
! # tar xvfz /tmp/ports.tar.gz
!
!
! The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go
! read the ports page
! if you know nothing about ports
! at this point. This text is not a manual of how to use ports.
! Rather, it is a set of notes meant to kickstart the user on the
! OpenBSD ports system.
!
! The ports/ directory represents a CVS (see the manpage for
!
! cvs(1) if
! you aren't familiar with CVS) checkout of our ports. As with our complete
! source tree, our ports tree is available via
! AnonCVS.
! So, in order to keep current with it, you must make the ports/ tree
! available on a read-write medium and update the tree with a command
! like:
!
!
! # cd /usr/ports
! # cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
!
!
! [Of course, you must replace the server name here with a nearby anoncvs
! server.]
!
! Note that most ports are available as packages through FTP. Updated
! packages for the 5.5 release will be made available if problems arise.
!
! If you're interested in seeing a port added, would like to help out, or just
! would like to know more, the mailing list
! ports@openbsd.org is a good place to know.
!
!
!
--- 1 ----
! RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h